Can I encrypt the OS for boot only?

Question

I have a LAMP system running (of an SD card on small computer) that monitors some arbitrary data. I return the data as JSON from the page so that it can be used in whatever reason its fit for.

I would like to protect the PHP SOurce files and other code from prying eyes. I know that the root and user password MUST be very strong to prevent brute or lucky entry.

How would I prevent users from accessing any data within the Linux OS (/usr; /etc) when they take the SD card out and try and mount it or extract it on another system?

-EDIT

I found this for FreeBSD how can I configure it for Ubuntu?

I would use LUKS, or use an actual server with a real hard disk. — nanofarad, Aug 14 '12 at 15:24

score 1 · Accepted Answer · edited Apr 13 '17 at 12:23

1

The best way and most difficult for any intruder is to use LVM and a separate USB key to store the key data for auto decryption.

This answer is very close to what I have asked

https://askubuntu.com/a/90911/37108

But there are other ways to achieve what I need without a separate USB key but pointed out that it is very easy to hijack grub and boot into root with full access.

edited Apr 13 '17 at 12:23

Community

1

answered Aug 14 '12 at 16:09

Piotr Kula

632
2
6
14

Can I encrypt the OS for boot only?

1 Answers1